Implementing your own secure password storage scheme or integrating with the system-wide keychain facilities of modern Linuxes and OS X probably aren't projects you want to undertake. Understood. But may we please have an option to disable storing the passwords in "recentservers.xml"? Or make the quickconnect bar prompt for a password if left empty so FileZilla can be safely automated with KeePass, AutoHotkey, et al., without writing cleartext passwords to the filesystem with every invocation?

I find this "design feature" of FileZilla maddening, because it prevents me from 1) using KeePass to fill in the quickconnect bar, and 2) storing my FileZilla configs on Dropbox so I can access them from multiple computers and/or share with co-workers.

Not even mentioning university lab/friend's computer/cybercafé use, where a "feature" like this could be a real problem for innocents who don't think about stuff like this.

I know it's not the burden of the FileZilla developer(s) to make every user happy, but today this mis-feature caused me to have to reset six account passwords after "recentservers.xml" was "leaked" to a shared Dropbox folder. (Because, even though I can delete-delete the deleted file using the Dropbox web site, it's already been emblazoned on the magnetic platters of four other machines, plus Dropbox's servers, who ​can't be trusted anymore.)

My interim solution: set the permissions on "recentservers.xml" to 400 (r-- --- ---) and put up with the two error dialogs from FileZilla when it fails to write to that file. I could probably get KeePass to press "Enter" twice for me to make the dialogs go away, but I want to be annoyed frequently enough by it to eventually write a patch.